Nissan North America has had the source code of mobile apps and internal tools leaked online after misconfiguring one of its Git servers. The Git server was using the default username and password (admin/admin) and has now been taken offline. Nissan is investigating the leak. The following cybersecurity professionals offer insight on the story.
Expert Comments
Modern connected cars with convenient features like remote unlock, remote start require at least a 4 digit PIN to do it and strong authentication to use them. It’s curious then why the alleged source code repository for the backend and front-end for this technology wasn’t protected with an equally bare minimum security method. This is a classic example of the security being only as good as the weakest link – most likely in this case down to both human error and lack of process for risk
It is a basic security control to change the vendor default passwords whenever a system is deployed. From the nature of the content, this should be a production system and reviewed prior to having the source code uploaded. This basic control forms part of most organizations' ISMS standards, i.e. ISO27001 policies and regulations internally. As Nissan Japan had their 9001 certificate revoked in 2017 by authorities it is not the first time the successful implementation of good plans and strategies
Using weak authentication is a huge security mistake for organizations that can have serious ramifications, including potentially leaking intellectual property, as we’ve seen with the Nissan source code exposure. Unfortunately, authentication issues are commonplace as our recent State of Public Cloud Security Report found that 5.3 percent of organizations have at least one workload accessible using either a weak or leaked password. Multi-factor authentication (MFA) is an essential tool to help combat this challenge, but it is also being underutilized by organizations. Our research found that 23.5 percent of organizations aren’t using MFA to protect their high-risk accounts with super admin users. Strong authentication is key for organizations to conduct business in the digital economy, and critical breaches will continue to occur as long as hackers can easily find and exploit weak links.
@Avi Shua, CEO and Co-founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.